CVE-2021-20322

Summary

CVE	CVE-2021-20322
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-18 18:15:00 UTC
Updated	2023-11-09 14:44:00 UTC
Description	A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Risk And Classification

Problem Types: CWE-330

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Hardware	Netapp	Aff A700s	-	All	All	All
Operating System	Netapp	Aff A700s Firmware	-	All	All	All
Hardware	Netapp	Aff Baseboard Management Controller	a400	All	All	All
Operating System	Netapp	Aff Baseboard Management Controller Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700s Firmware	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Hardware	Netapp	Fas Baseboard Management Controller	8300	All	All	All
Hardware	Netapp	Fas Baseboard Management Controller	8700	All	All	All
Operating System	Netapp	Fas Baseboard Management Controller Firmware	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Operating System	Netapp	Hci Compute Node Firmware	-	All	All	All
Application	Netapp	Solidfire Enterprise Sds Hci Storage Node	-	All	All	All
Application	Netapp	Solidfire Hci Management Node	-	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 2941-1] linux-4.19 security update	MLIST	lists.debian.org
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
CVE-2021-20322 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
2014230 – (CVE-2021-20322) CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies	MISC	bugzilla.redhat.com
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
Debian -- Security Information -- DSA-5096-1 linux	DEBIAN	www.debian.org
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159741 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9260)
159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
178943 Debian Security Update for linux (DLA 2843-1)
179117 Debian Security Update for linux (DSA 5096-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
180522 Debian Security Update for linux (CVE-2021-20322)
198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
240390 Red Hat Update for kernel-rt (RHSA-2022:4835)
240392 Red Hat Update for kernel security (RHSA-2022:4829)
353161 Amazon Linux Security Advisory for kernel : ALAS-2022-1563
354747 Amazon Linux Security Advisory for kernel : ALAS-2023-1688
390258 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0011)
671181 EulerOS Security Update for kernel (EulerOS-SA-2021-2934)
671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
671252 EulerOS Security Update for kernel (EulerOS-SA-2022-1171)
671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
751399 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1501-1)
751406 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3806-1)
751424 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3848-1)
751436 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3877-1)
751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
751462 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3941-1)
751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
751489 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
900692 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8673)
906237 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8673-1)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)